research-article

MultiLayer processing - an execution model for parallel stateful packet processing

Authors:

Mario Nemirovsky,

Mateo ValeroAuthors Info & Claims

ANCS '08: Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

Pages 79 - 88

https://doi.org/10.1145/1477942.1477954

Published: 06 November 2008 Publication History

Abstract

Mostly emerging network applications comprise deep packet inspection and/or stateful capabilities. Stateful workloads present limitations that reduce the exploitation of parallelism, unlike other network applications that show marginal dependencies among packets. In addition, differences among packet processing lead to significant negative interaction between threads, especially in the memory hierarchy.

We propose MultiLayer Processing (MLP) as an execution model to properly exploit the levels of parallelism of stateful applications. The goal of MLP is to increase the system throughput by increasing the synergy among threads in the memory hierarchy, and alleviating the contention in critical sections of parallel workloads. We show that MLP presents about 2.4x higher throughput than other execution models with large processor architectures.

References

[1]

Netra Data Plane Software Suite 2.0 Reference Manual, 2007.

[2]

E. Ayguade, X. Martorell, J. Labarta, M. Gonzalez, and N. Navarro. Exploiting Multiple Levels of Parallelism in OpenMP: A Case Study. In In Procs. of ICPP '99, page 172, Washington, DC, USA, 1999. IEEE Computer Society.

Digital Library

[3]

M. Baron. Tilera's cores communicate better. Microprocessor Report, Nov 2007.

[4]

Cavium Networks Inc. http://www.caviumnetworks.com.

[5]

M. Colajanni and M. Marchetti. A parallel architecture for stateful intrusion detection in high traffic networks. In IEEE / IST Workshop on Monitoring, Attack Detection and Mitigation, Tuebingen, Germany, Sept. 2006.

[6]

Network Security: 128-core processor is designed for secure LAN. http://www.eetimes.com.

[7]

T. Constantinou, Y. Sazeides, P. Michaud, D. Fetis, and A. Seznec. Performance implications of single thread migration on a chip multi-core. SIGARCH Comput. Archit. News, 33(4):80--91, 2005.

Digital Library

[8]

M. Franklin and S. Datar. Pipeline task scheduling on network processors. In Procs. of Workshop NP3, Madrid, Spain, 2004.

[9]

R. Golla. Niagara2: A highly threaded Server-on-a-Chip. http://www.opensparc.net/pubs/preszo/06/04-Sun-Golla.pdf.

[10]

B. Haagdorens, T. Vermeiren, and M. Goossens. Improving the performance of signature-based network intrusion detection sensors by multi-threading. In Procs. of WISA-5, August 2004.

[11]

C. L. Hayes and Y. Luo. DPICO: a high speed deep packet inspection engine using compact finite automata. In Procs. of the 3rd ANCS, pages 195--203, NY, USA, 2007.

Digital Library

[12]

S. Kim and J. yong Lee. A system architecture for high-speed deep packet inspection in signature-based network intrusion prevention. J. Syst. Archit., 53(5--6):310--320, 2007.

Digital Library

[13]

C. Kruegel, F. Valeur, G. Vigna, and R. Kemmerer. Stateful intrusion detection for high-speed networks. In Procs. of the IEEE Symposium on Security and Privacy, page 285, Washington, DC, USA, 2002. IEEE Computer Society.

Digital Library

[14]

A. Mallik, Y. Zhang, and G. Memik. Automated task distribution in multicore network processors using statistical analysis. In Proc. of the 3rd ANCS, pages 67--76, NY, USA, 2007.

Digital Library

[15]

M. R. Marty and M. D. Hill. Virtual hierarchies. IEEE Micro, 28(1):99--109, 2008.

Digital Library

[16]

S. Melvin, M. Nemirovsky, E. Musoll, J. Huynh, R. Milito, H. Urdaneta, and K. Saraf. A massively multithreaded packet processor. In Procs. of Workshop NP2, CA, USA, Feb 2003.

[17]

J. E. Moreira. On the implementation and effectiveness of autoscheduling for shared-memory multiprocessors. PhD thesis, Champaign, IL, USA, 1995.

Digital Library

[18]

National Lab of Applied Network Research. http://pma.nlanr.net/Traces.

[19]

V. Paxson, R. Sommer, and N. Weaver. An architecture for exploiting multi-core processors to parallelize network intrusion prevention. In Proc. IEEE Sarnoff Symposium, May 2007.

[20]

W. Plishker. Automated task allocation for network processors, October 2004.

[21]

Raza Microelectronics Inc. http://www.razamicroelectronics.com.

[22]

J. Renau, B. Fraguela, J. Tuck, W. Liu, M. Prvulovic, L. Ceze, S. Sarangi, P. Sack, K. Strauss, and P. Montesinos. SESC simulator, January 2005. http://sesc.sourceforge.net.

[23]

D. L. Schuff, Y. R. Choe, and V. S. Pai. Conservative vs. optimistic parallelization of stateful network intrusion detection. In Procs. of the 12th ACM SIGPLAN PPoPP, 2007.

Digital Library

[24]

D. L. Schuff and V. S. Pai. Design alternatives for a high-performance self-securing ethernet network interface. In Procs. of 21th IPDPS, pages 1--10. IEEE, March 2007.

[25]

The open source network intrusion detection system. http://www.snort.org.

[26]

A. Srinivasan, P. Holman, J. Anderson, S. Baruah, and J. Kaur. Multiprocessor scheduling in processor-based router platforms: Issues and ideas. In Network Processor Design: Issues and Practices, November 2003.

[27]

Sun Microsystems. UltraSPARC T1 Supplement to the UltraSPARC Architecture 2005, 2006.

[28]

M. Vallentin, R. Sommer, J. Lee, C. Leres, V. Paxson, and B. Tierney. The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware. In Procs. of 10th RAID, pages 107--126, Sept 2007.

Digital Library

[29]

J. Verdú, J. García, M. Nemirovsky, and M. Valero. Architectural impact of stateful networking applications. In Proc. of the 1st ANCS, Princeton, NJ, Oct. 2005.

Digital Library

[30]

T. Vermeiren, E. Borghs, and B. Haagdorens. Evaluation of software techniques for parallel packet processing on multi-core processors. In Procs. of IEEE CCNC, NV, USA, Jan. 2004.

[31]

N. Weng and T. Wolf. Pipelining vs. multiprocessors - choosing the right network processor system topology. In Procs. of Workshop ANCHOR, Munich, Germany, June 2004.

[32]

N. Weng and T. Wolf. Profiling and mapping of parallel workloads on network processors. In Proc. of the 20th ACM SAC, pages 890--896, Santa Fe, NM, Mar. 2005.

Digital Library

[33]

T. Wolf, P. Pappu, and M. A. Franklin. Predictive scheduling of network processors. Computer Networks, 41(5):601--621, Apr. 2003.

Digital Library

[34]

F. Yu. High Speed Deep Packet Inspection with Hardware Support. PhD thesis, EECS Department, University of California, Berkeley, Nov 2006.

Digital Library

Cited By

Simon MGallenmüller SCarle G(2024)On-the-fly Table Insertions on Programmable Software Data Planes2024 20th International Conference on Network and Service Management (CNSM)10.23919/CNSM62983.2024.10814561(1-7)Online publication date: 28-Oct-2024
https://doi.org/10.23919/CNSM62983.2024.10814561
Ren QWu JLi ZZhang Z(2021)Modeling for Endogenous Secure Domain Name System Based on Software Defined Networks2021 3rd International Academic Exchange Conference on Science and Technology Innovation (IAECST)10.1109/IAECST54258.2021.9695571(378-382)Online publication date: 10-Dec-2021
https://doi.org/10.1109/IAECST54258.2021.9695571
IKARASHI HJIN YYAMAI NKITAGAWA NOKAYAMA K(2018)Design and Implementation of SDN-Based Proactive Firewall System in Collaboration with Domain Name ResolutionIEICE Transactions on Information and Systems10.1587/transinf.2017ICP0014E101.D:11(2633-2643)Online publication date: 1-Nov-2018
https://doi.org/10.1587/transinf.2017ICP0014
Show More Cited By

Index Terms

MultiLayer processing - an execution model for parallel stateful packet processing
1. Computer systems organization
  1. Architectures
    1. Parallel architectures
      1. Multiple instruction, multiple data
2. Hardware
  1. Hardware validation

Recommendations

A Parallel Packet Processing Method on Multi-core Systems
DCABES '11: Proceedings of the 2011 10th International Symposium on Distributed Computing and Applications to Business, Engineering and Science

The demand of network packet processing is increasing as applications demand more and more bandwidth and computing capability. In this paper, the characteristics of packet processing and multi-core systems are analyzed. In order to analyze the ...
Exploiting parallel processing in large scientific applications
packetC Language for High Performance Packet Processing
HPCC '09: Proceedings of the 2009 11th IEEE International Conference on High Performance Computing and Communications

Increasingly, applications that process network packets, especially those that inspect packet payload content, need to run at speeds in the range of 1-40 Gigabits per second. These requirements en-courage exploiting specialized hardware. Thus, typical ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ANCS '08: Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

November 2008

191 pages

ISBN:9781605583464

DOI:10.1145/1477942

General Chair:
Mark Franklin
Washington University in St. Louis
,
Program Chairs:
D. K. Panda
Ohio State University
,
Dimitri Stiliadis
Bell Laboratory

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Ministerio de Economía y Competitividad

Conference

ANCS '08

Sponsor:

ANCS '08: Symposium on Architecture for Networking and Communications Systems

November 6 - 7, 2008

California, San Jose

Acceptance Rates

ANCS '08 Paper Acceptance Rate 17 of 67 submissions, 25%;

Overall Acceptance Rate 88 of 314 submissions, 28%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
547
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Simon MGallenmüller SCarle G(2024)On-the-fly Table Insertions on Programmable Software Data Planes2024 20th International Conference on Network and Service Management (CNSM)10.23919/CNSM62983.2024.10814561(1-7)Online publication date: 28-Oct-2024
https://doi.org/10.23919/CNSM62983.2024.10814561
Ren QWu JLi ZZhang Z(2021)Modeling for Endogenous Secure Domain Name System Based on Software Defined Networks2021 3rd International Academic Exchange Conference on Science and Technology Innovation (IAECST)10.1109/IAECST54258.2021.9695571(378-382)Online publication date: 10-Dec-2021
https://doi.org/10.1109/IAECST54258.2021.9695571
IKARASHI HJIN YYAMAI NKITAGAWA NOKAYAMA K(2018)Design and Implementation of SDN-Based Proactive Firewall System in Collaboration with Domain Name ResolutionIEICE Transactions on Information and Systems10.1587/transinf.2017ICP0014E101.D:11(2633-2643)Online publication date: 1-Nov-2018
https://doi.org/10.1587/transinf.2017ICP0014
Danelutto MKilpatrick PMencagli GTorquati M(2018)State access patterns in stream parallel computationsInternational Journal of High Performance Computing Applications10.1177/109434201769413432:6(807-818)Online publication date: 1-Nov-2018
https://dl.acm.org/doi/10.1177/1094342017694134
Ghaznavi MShahriar NKamali SAhmed RBoutaba R(2017)Distributed Service Function ChainingIEEE Journal on Selected Areas in Communications10.1109/JSAC.2017.276017835:11(2479-2489)Online publication date: Nov-2017
https://doi.org/10.1109/JSAC.2017.2760178
De Carli LSommer RJha SAhn GYung MLi N(2014)Beyond Pattern MatchingProceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security10.1145/2660267.2660361(1378-1390)Online publication date: 3-Nov-2014
https://dl.acm.org/doi/10.1145/2660267.2660361
Guo DBhuyan LLiu B(2012)An efficient parallelized L7-filter design for multicore serversIEEE/ACM Transactions on Networking10.1109/TNET.2011.217785820:5(1426-1439)Online publication date: 1-Oct-2012
https://dl.acm.org/doi/10.1109/TNET.2011.2177858
Jiang HYang JXie G(2011)Exploring and Enhancing the Performance of Parallel IDS on Multi-core ProcessorsProceedings of the 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications10.1109/TrustCom.2011.86(673-680)Online publication date: 16-Nov-2011
https://dl.acm.org/doi/10.1109/TrustCom.2011.86
Zhang KWang JHua BTang X(2011)Building High-Performance Application Protocol Parsers on Multi-core ArchitecturesProceedings of the 2011 IEEE 17th International Conference on Parallel and Distributed Systems10.1109/ICPADS.2011.37(188-195)Online publication date: 7-Dec-2011
https://dl.acm.org/doi/10.1109/ICPADS.2011.37
Labrecque MSteffan JLin BMogul JIyer R(2010)The case for hardware transactional memory in software packet processingProceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems10.1145/1872007.1872053(1-11)Online publication date: 25-Oct-2010
https://dl.acm.org/doi/10.1145/1872007.1872053
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten